zeppelin | 5b458abfe7cd84787df8a77659729f73c7617b1a54daea04229a24071d7f650d

Analysis

max time kernel
142s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30-12-2023 03:20

Target

0cc2f587dec522061d984365397cb340.exe
Size

847KB
MD5

0cc2f587dec522061d984365397cb340
SHA1

93c34efeb9efcfa2bdfbb4a50c0ab4b74b954a52
SHA256

5b458abfe7cd84787df8a77659729f73c7617b1a54daea04229a24071d7f650d
SHA512

1c48fa6ccf5756aa5a46c8e4e9ee9c13af7ba70913fe06c2ae59e2ed07a960cef88112b4b9a41f9855cd5d4c4b2dfa199e522865f3e41cad3604bfa3eaeba886
SSDEEP

12288:0Zdo2MjXkEeQGGOgSlDD7GjStd6ZG8yE:lxjXkEeQ1OnD/GjStd6lR

Score

10^/10

Detects Zeppelin payload 1 IoCs

Processes:

resource	yara_rule
behavioral2/memory/3560-5-0x000000001B130000-0x000000001B271000-memory.dmp	family_zeppelin

Zeppelin Ransomware
Ransomware-as-a-service (RaaS) written in Delphi and first seen in 2019.
ransomware zeppelin

C:\Users\Admin\AppData\Local\Temp\0cc2f587dec522061d984365397cb340.exe
"C:\Users\Admin\AppData\Local\Temp\0cc2f587dec522061d984365397cb340.exe"
1⤵
PID:3560

memory/3560-0-0x0000000000510000-0x00000000005EA000-memory.dmp

Filesize
872KB

Download
memory/3560-1-0x000000001B2A0000-0x000000001B386000-memory.dmp

Filesize
920KB

Download
memory/3560-2-0x00007FF8D1A70000-0x00007FF8D2531000-memory.dmp

Filesize
10.8MB

Download
memory/3560-3-0x0000000000D90000-0x0000000000D96000-memory.dmp

Filesize
24KB

Download
memory/3560-4-0x000000001B290000-0x000000001B2A0000-memory.dmp

Filesize
64KB

Download
memory/3560-5-0x000000001B130000-0x000000001B271000-memory.dmp

Filesize
1.3MB

Download
memory/3560-6-0x00007FF8D1A70000-0x00007FF8D2531000-memory.dmp

Filesize
10.8MB

Download